
MY LATEST BOOK RELEASED! “The Science of Security” May 16, 2026

Posted by Chris Mark in cyberespionage, cybersecurity, Industry News, InfoSec & Privacy, Laws and Legislation, Piracy & Maritime Security, Risk & Risk Management, security, security theater.

Announcing Scientia Securitatis: The Science of Security

After 34 years across nearly every security domain that exists — armed physical security at an overseas critical installation, combat force protection, security in a regional hospital’s psychiatric ward, payment-card industry compliance, armed maritime contracting off the East African coast, and a return to enterprise cybersecurity that has occupied the past decade — I have written the book I wish someone had written when I started.

Scientia Securitatis: The Science of Security — Theory, Frameworks, and Practice is available now.

The gap this book is intended to fill

The security profession does not lack books. Walk into any bookstore, scan any conference vendor floor, search any retailer’s security category, and you will find more material on cybersecurity, physical security, risk management, military theory, criminology, intelligence analysis, and organizational resilience than any single practitioner could read in a career. The field is overwhelmed with information.

What it lacks is integration.

Each security domain has developed its own vocabulary, its own frameworks, its own bestsellers, its own consultants. Each domain — when traced carefully to its analytical roots — is reaching for the same underlying concepts the next domain over named differently. Practitioners in physical and cybersecurity are working on the same analytical problems and rarely speak to one another. When they do, they discover that they have been duplicating each other’s work for decades.

Scientia Securitatis is an attempt to make that recognition the starting point of professional practice rather than an accident a few practitioners stumble into late in their careers.

What’s in the book

The book runs to 525 pages across 11 chapters and three appendices. It develops four original analytical frameworks:

  • The Mark Heptad — a taxonomy of seven adversary motivations (financial, espionage, war/defense, facilitation, hacktivism, revenge, nuisance) that maps directly to deterrence strategy
  • The IMCM Framework — Ignorance, Mistake, Complacency, Malice — for classifying human-induced vulnerabilities and matching them to specific interventions
  • The DIVE Framework — Direction, Intensity, Vulnerability, Exposure — for assessing specific exposure surfaces
  • The Multiplicative Security Model — the mathematical basis for defense-in-depth, with implications for how security architecture should actually combine

These original frameworks sit within a broader analytical apparatus drawn from criminology (Cohen and Felson’s Routine Activity Theory, Cornish and Clarke’s Twenty-Five Techniques of Situational Crime Prevention), cognitive science (Kahneman and Tversky on judgment under uncertainty), military theory (Sun Tzu, Clausewitz, contemporary unrestricted warfare doctrine), and systems-safety scholarship (James Reason’s Swiss Cheese Model, Charles Perrow’s normal-accident theory).

The book also examines — and critically engages — the victim-blaming reflex that dominates post-incident analysis, drawing on the foundational criminological literature on victim precipitation and contemporary case studies including Equifax, OPM, Target, and Snowflake.

A note on the Latin title

Scientia Securitatis translates as “the science of security,” and the choice was deliberate. The Latin signals that the book engages security as a serious analytical discipline whose intellectual roots long predate the cybersecurity industry’s tendency to treat its problems as historically unprecedented. The phenomena security examines are ancient; the framework for studying them rigorously has been available since at least the mid-20th century. The book argues that practitioners have, with rare exceptions, declined to use it.

Who this book is for

This book is for the practitioner who has noticed that decades of escalating security investment have not produced proportional security gains, and who wants to understand why. It is for the security executive building defensible programs across multiple domains. The policy professional confronting unrestricted warfare doctrine. The risk and compliance leader who suspects that frameworks alone are not stopping sophisticated adversaries. The graduate student approaching security as an analytical discipline rather than a job category.

It is not a tactical handbook. It is not a configuration guide. It is the analytical apparatus that determines whether tactical choices are well-made — the apparatus the field has been operating without.

Where to get it

Scientia Securitatis: The Science of Security is available now on Amazon in eBook, paperback, and hardcover formats:

Scientia Securitatis

If you find the book useful, please consider leaving a review. Self-published analytical nonfiction lives and dies by word-of-mouth among the practitioners it was written for — and a thoughtful Amazon review from a working professional is worth more to other professionals than any amount of marketing.

— Chris Mark

Chris Mark & Heather Mark in Feb 2013 TransactionWorld February 1, 2013

Posted by Chris Mark in Uncategorized.

February’s edition of TransactionWorld was released today and both Chris and Heather have articles in the issue. Chris (that is me) wrote “Security in Dangerous Waters; Pirates & CyberCrime” while Heather wrote “Shifting Targets; Dealing with Regulatory Shifts in Data Security & Privacy”. Please be sure to check out the articles.

“Ruh Roh!…Google did it again!” – Admits it did not delete ‘streetview data’. July 27, 2012

Posted by Chris Mark in Uncategorized.

In what can only be described as an absolute shock (catch my sardonic humor?)…Google has now admitted that it did not delete “… all the personal data, such as emails, its Street View cars collected in Britain and other countries in 2010.”

According to MSNBC:

“The failure to comply with a promise to delete all the data was notified to Britain’s Information Commissioner’s Office (ICO), which said the fact that the data still existed appeared to breach an undertaking signed by Google in November 2010. (more…)

“Use of Force” Webcast – Nexus Consulting Group May 16, 2012

Posted by Chris Mark in Industry News, Laws and Legislation, terrorism, weapons and tactics.

Nexus Consulting Group is scheduling a webcast for the week of May 21-25 on the topic of the Use of Force in Maritime Security. Recently, a video surfaced of a maritime security company firing on Somali Pirates. While the topic has been debated, Nexus was mistakenly identified as the company that took action. If you are interested in learning about Use of Force and the legal issues, then contact Nexus at info@ncga.us and note your interest in attending the webcast and we will advise which sessions are available. You can download the Use of Force Primer and follow-along document here.

Having previously worked for a maritime security company, I felt pretty informed on the Use of Force and Maritime issues. After speaking to Kevin on numerous occasions, it was apparent that Kevin is an expert on Maritime Security and the industry at large. I always come away from a discussion with Kevin impressed and having learned something new about maritime security. Any knuckle-dragger can carry a gun and use it indiscriminately. It is appropriate, disciplined use of a weapon that separates professional security from amateurs. There are few security companies that I would recommend and that have the expertise to protect ships while minimizing risk to ship owners. Use of force is a critical yet complex subject. I recommend you take the opportunity to listen to an expert on maritime security and definitely take the opportunity to ask questions.

Random Thoughts On Piracy Summit (I have to talk about guns a little ;) May 1, 2012

Posted by Chris Mark in Industry News, Piracy & Maritime Security, Risk & Risk Management.

In reflecting upon the Piracy Europe event in Hamburg that I attended last week, I was struck by a few things that were said and proposed. The speakers were generally very good although the material is getting a bit old at this point. With piracy at near 2007 levels, security vendors are scrambling to convince shipping companies that they are still needed. Selling on Fear, Uncertainty, and Doubt (FUD) seems to be the new way of business development.

With regard to the security vendors, there appeared to be two distinct perspectives on how to stop pirates. Neither seemed appropriate. One company had a rep get up and show a picture of himself with a Barrett .50 cal SASR (special application scoped rifle) (shown in the pic above with the very skilled, handsome and smart USMC Sniper..yeah, it's me). The intimation was that if you have larger guns, you have more ‘firepower’ and thus better security. This is a very simplistic way of thinking about security and demonstrates one of the challenges of maritime security. Security is not about technology…it is about people, strategies, and tactics. Tools (such as weapons) are useful but only if employed correctly. You can read the whitepaper “weapons and tactics in the prevention of piracy” here. This “goons with guns” approach was not well received and quite frankly, I felt it perpetuated what the attendees think of American security…knuckle-dragging, goons with guns. Blackwater is alive and well in the minds of most of those who attended the event. (more…)